ropshell> use 765f94c6ce67d60cb64362245d8b2204 (download)
name         : ld-linux.so.2 (i386/ELF)
base address : 0x1090
total gadgets: 1404

ropshell> suggest "load mem"
> 0x000110a5 : mov eax, [ebx]; pop ebx; pop esi; ret
> 0x0000d429 : mov eax, [edi]; add eax, [ecx]; call eax
> 0x00017776 : mov ebx, [eax]; add [eax], eax; lea eax, [eax - 0x774]; ret
> 0x00015882 : mov eax, [ebx + 0x14]; call [ebx]
> 0x00014acc : mov ecx, [esi]; add ecx, [eax + 4]; call ecx
> 0x0000c3d3 : mov eax, [edi + 8]; add eax, [esi]; call eax
> 0x0001956a : mov ecx, [eax]; or [eax], eax; add [ebx + 0x5e], bl; pop edi; ret
> 0x00012ae6 : mov edx, [eax + 0x870]; mov eax, [esp + 8]; mov [eax], edx; ret
> 0x0001b0d2 : mov edx, [ecx + 0x924]; add [edx + eax*2], 1; pop ebx; pop esi; ret
> 0x0001b8c4 : mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; nop ; jmp edx
> 0x0001587f : mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]
> 0x0000c833 : mov esi, [ebp + 8]; mov eax, [edi]; add eax, [esi]; call eax
> 0x0000d423 : mov ecx, [ebp + 8]; add esi, 8; mov eax, [edi]; add eax, [ecx]; call eax
> 0x0001b8c1 : mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; nop ; jmp edx
> 0x00005c7d : mov esi, [edi]; sub esp, 4; lea edx, [esi + ebx*8 + 0x260]; push edx; push 0; push esi; call eax
> 0x0001587c : mov edx, [ebx + 0xc]; mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]
> 0x00012ade : mov ecx, [eax + 0x868]; mov [edx], ecx; mov edx, [eax + 0x870]; mov eax, [esp + 8]; mov [eax], edx; ret
> 0x0001b8be : mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; nop ; jmp edx
> 0x0001b8bc : mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; nop ; jmp edx
> 0x00015877 : mov edi, [ebx + 4]; mov [ebx], eax; mov edx, [ebx + 0xc]; mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]
> 0x00015875 : mov esi, [ebx]; mov edi, [ebx + 4]; mov [ebx], eax; mov edx, [ebx + 0xc]; mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]